> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Import keys from another provider

> Migrate existing private keys from other custody providers into Dfns using a secure key import ceremony with end-to-end encryption.

This guide walks through importing existing private keys into Dfns from another custody provider.

<Warning>
  **We recommend creating new wallets and transferring funds instead of importing keys.** See [when to import vs create new](/advanced/key-import-and-export#when-to-import-vs-create-new) for guidance on whether key import is the right approach for your situation.
</Warning>

## Prerequisites

* Existing organization with key import enabled (contact your account team)
* Service account with `Signers:ListSigners`, `Keys:Import`, and `Wallets:Create` permissions
* Private keys exported from your current provider

## Planning your migration

Before importing keys, plan your approach:

<Steps>
  <Step title="Inventory wallets">
    List all wallets with addresses and networks
  </Step>

  <Step title="Document formats">
    Identify how keys are currently stored, their formats, derivation paths if any, etc.
  </Step>

  <Step title="Plan timing">
    Choose a migration window with low transaction volume
  </Step>

  <Step title="Test first">
    Start with lowest-value wallets
  </Step>
</Steps>

## Supported key formats

| Format             | Description                     | Use case               |
| ------------------ | ------------------------------- | ---------------------- |
| Raw hex            | 32-byte hex-encoded private key | Individual wallet keys |
| BIP-39 seed phrase | 12 or 24 word mnemonic          | Master seeds           |
| BIP-32 xprv        | Extended private key            | HD wallet roots        |

## Import process

See [how import works](/advanced/key-import-and-export#import) for details on how the SDK secures your keys during import.

<Steps>
  <Step title="Get your existing private key">
    Extract the private key from your current custody provider in one of the supported formats. See below for examples.
  </Step>

  <Step title="Split, encrypt and transmit">
    Use the [SDK import example](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/import-wallet) to split your key into encrypted shares client-side and send the encrypted shares to Dfns. The complete private key never leaves your machine.
  </Step>

  <Step title="Create wallets">
    Create wallets on specific networks using the imported key. You can create wallets on all compatible networks using the same key so that they share the same address. Note that creating the first wallet with a new key can only be done via API, using the [Create Wallet](/api-reference/wallets/create-wallet) endpoint. For the next wallets you can use the API or the [dashboard](/guides/multichain-wallets).
  </Step>

  <Step title="Verify">
    Confirm the wallet address matches your source. Consider a small test transaction before production use.
  </Step>
</Steps>

See the [SDK import example](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/import-wallet) for a complete working implementation.

## Provider-specific instructions

<AccordionGroup>
  <Accordion title="Migrating from Fireblocks">
    Fireblocks uses HD (hierarchical deterministic) wallets with a master key from which individual wallet keys are derived. You can import the master key into Dfns and then create derived wallets using the same derivation paths.

    **Fireblocks key structure**

    Fireblocks follows BIP-44 derivation paths:

    ```
    m/44'/coinType'/account'/0/0
    ```

    Where `coinType` is the asset identifier (0 for Bitcoin, 60 for Ethereum) and `account` is the vault account ID.

    **Export and import process**

    <Steps>
      <Step title="Obtain your Recovery Kit">
        Request your Recovery Kit from Fireblocks. This encrypted backup contains your workspace keys.
      </Step>

      <Step title="Run the Recovery Utility">
        On an airgapped machine, use the Fireblocks Recovery Utility to decrypt the kit. This produces your extended keys:

        * ECDSA keys (secp256k1): standard `xprv` format
        * EdDSA keys (ed25519): Fireblocks-specific format
      </Step>

      <Step title="Import master key to Dfns">
        Use the [HD wallet import example](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/import-hd-wallet) to import your master key and create derived wallets with the appropriate paths. For details on the API call used to derive each child wallet, see [Deriving wallets from a master key](/guides/developers/create-wallets#deriving-wallets-from-a-master-key-hd).

        <Warning>
          For EdDSA keys (ed25519), you must set `secretScalar: true` when importing. See the [example code](https://github.com/dfns/dfns-sdk-ts/blob/m/examples/sdk/import-hd-wallet/index.ts#L54) for reference.
        </Warning>
      </Step>

      <Step title="Verify addresses">
        After importing, verify that the derived wallet addresses match your Fireblocks wallet addresses.
      </Step>
    </Steps>
  </Accordion>
</AccordionGroup>

<Note>
  Import operations should be performed on a secure, isolated machine. Handle private keys with extreme care and securely delete any temporary files after import.
</Note>